Send-proxy in tcp mode with encrypted traffic


i think i have currently an problem with understanding haproxies mode { tcp|http }.

I have a tcp frontend and a tcp backend wich connects 4 ExChangeservers. Incoming traffic is typical https encrypted.
Now i want to add the option send-proxy or send-proxy-v2 to my backend servers to forward original Client-IP. I read some tutorials and i was surprised that this should work also in tcp-mode with ssl encrypted traffic. In my understanding tcp mode just routes an untouched datastream to a backend server without knowing the content of the stream. How is it possible that Client-IP is forwarded to the backend in this case?
So while haproxy is not able to manipulate content of data stream is it instead a kind of manipulation of tcp-packets?
I expected to have to switch to http mode and make ssl termination or something.

Thank you,

The proxy protocol works with all protocols because it just puts its header in the first packet before any of the data.

Whatever the protocol, if the first packet from the client contains data ABCD, the first packet in the connection to the server is prepended with the proxy header, so it becomes PROXYDATAXYZABCD.

proxy v1 is ASCII while proxy-v2 is binary. Your backend server must specifically support the haproxy proxy protocol (v1 or v2), otherwise it will not work.

The proxy protocol is NOT a HTTP header, it does not care about the upper layer protocol at all (thats why it works with all protocols but it does need specific support in the backend server).

I don’t know whether exchange supports this, I have a feeling that it doesn’t.


thank you for your answer and clarification.
I have this feeling too about Exchange.